Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

showing all ports open, when using with proxychains. #1596

Closed
nighthawkk opened this issue May 15, 2019 · 1 comment

Comments

Projects
None yet
2 participants
@nighthawkk
Copy link

commented May 15, 2019

proxychains4 -f proxychains.conf nmap -sT -Pn 192.168.100.1

[proxychains] config file found: proxychains.conf
[proxychains] preloading /usr/lib/libproxychains4.so
[proxychains] DLL init: proxychains-ng 4.14-git-2-g5ad7c2a
Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-15 06:23 EDT
Completed Connect Scan at 06:32, 1.38s elapsed (1000 total ports)
Nmap scan report for 192.168.1.133
Host is up (0.00030s latency).

PORT      STATE SERVICE
1/tcp     open  tcpmux
3/tcp     open  compressnet
4/tcp     open  unknown
6/tcp     open  unknown
7/tcp     open  echo
9/tcp     open  discard
13/tcp    open  daytime
17/tcp    open  qotd
19/tcp    open  chargen
20/tcp    open  ftp-data
21/tcp    open  ftp
22/tcp    open  ssh
23/tcp    open  telnet
24/tcp    open  priv-mail
25/tcp    open  smtp
26/tcp    open  rsftp
30/tcp    open  unknown
32/tcp    open  unknown
33/tcp    open  dsp
37/tcp    open  time
42/tcp    open  nameserver
43/tcp    open  whois
49/tcp    open  tacacs
53/tcp    open  domain
70/tcp    open  gopher
79/tcp    open  finger
80/tcp    open  http
81/tcp    open  hosts2-ns
82/tcp    open  xfer
83/tcp    open  mit-ml-dev
84/tcp    open  ctf
85/tcp    open  mit-ml-dev
88/tcp    open  kerberos-sec
89/tcp    open  su-mit-tg
90/tcp    open  dnsix
99/tcp    open  metagram
100/tcp   open  newacct
106/tcp   open  pop3pw
109/tcp   open  pop2
110/tcp   open  pop3
111/tcp   open  rpcbind
113/tcp   open  ident
119/tcp   open  nntp
125/tcp   open  locus-map
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
143/tcp   open  imap
144/tcp   open  news
146/tcp   open  iso-tp0
161/tcp   open  snmp
163/tcp   open  cmip-man
179/tcp   open  bgp
199/tcp   open  smux
211/tcp   open  914c-g
212/tcp   open  anet
222/tcp   open  rsh-spx
254/tcp   open  unknown
255/tcp   open  unknown
256/tcp   open  fw1-secureremote
259/tcp   open  esro-gen
264/tcp   open  bgmp
280/tcp   open  http-mgmt
301/tcp   open  unknown
306/tcp   open  unknown
311/tcp   open  asip-webadmin
340/tcp   open  unknown
366/tcp   open  odmr
389/tcp   open  ldap
406/tcp   open  imsp
407/tcp   open  timbuktu
416/tcp   open  silverplatter
417/tcp   open  onmux
425/tcp   open  icad-el
427/tcp   open  svrloc
443/tcp   open  https
444/tcp   open  snpp
445/tcp   open  microsoft-ds
458/tcp   open  appleqtc
464/tcp   open  kpasswd5
465/tcp   open  smtps
481/tcp   open  dvs
497/tcp   open  retrospect
500/tcp   open  isakmp
512/tcp   open  exec
513/tcp   open  login
514/tcp   open  shell
515/tcp   open  printer
524/tcp   open  ncp
541/tcp   open  uucp-rlogin
543/tcp   open  klogin
544/tcp   open  kshell
545/tcp   open  ekshell
548/tcp   open  afp
554/tcp   open  rtsp
555/tcp   open  dsf
563/tcp   open  snews
587/tcp   open  submission
593/tcp   open  http-rpc-epmap
616/tcp   open  sco-sysmgr
617/tcp   open  sco-dtmgr
625/tcp   open  apple-xsrvr-admin
631/tcp   open  ipp
636/tcp   open  ldapssl
646/tcp   open  ldp
648/tcp   open  rrp
666/tcp   open  doom
667/tcp   open  disclose
668/tcp   open  mecomm
683/tcp   open  corba-iiop
687/tcp   open  asipregistry
691/tcp   open  resvc
700/tcp   open  epp
705/tcp   open  agentx
711/tcp   open  cisco-tdp
714/tcp   open  iris-xpcs
720/tcp   open  unknown
722/tcp   open  unknown
726/tcp   open  unknown
749/tcp   open  kerberos-adm
765/tcp   open  webster
777/tcp   open  multiling-http
783/tcp   open  spamassassin
787/tcp   open  qsc
800/tcp   open  mdbs_daemon
801/tcp   open  device
808/tcp   open  ccproxy-http
843/tcp   open  unknown
873/tcp   open  rsync
880/tcp   open  unknown
888/tcp   open  accessbuilder
898/tcp   open  sun-manageconsole
900/tcp   open  omginitialrefs
901/tcp   open  samba-swat
902/tcp   open  iss-realsecure
903/tcp   open  iss-console-mgr
911/tcp   open  xact-backup
912/tcp   open  apex-mesh
981/tcp   open  unknown
987/tcp   open  unknown
990/tcp   open  ftps
992/tcp   open  telnets
993/tcp   open  imaps
995/tcp   open  pop3s
999/tcp   open  garcon
1000/tcp  open  cadlock
1001/tcp  open  webpush
1002/tcp  open  windows-icfw
1007/tcp  open  unknown
1009/tcp  open  unknown
1010/tcp  open  surf
1011/tcp  open  unknown
1021/tcp  open  exp1
1022/tcp  open  exp2
1023/tcp  open  netvenuechat
1024/tcp  open  kdm
1025/tcp  open  NFS-or-IIS
1026/tcp  open  LSA-or-nterm
1027/tcp  open  IIS
1028/tcp  open  unknown
1029/tcp  open  ms-lsa
1030/tcp  open  iad1
1031/tcp  open  iad2
1032/tcp  open  iad3
.
.
.
65000/tcp open  unknown
65129/tcp open  unknown
65389/tcp open  unknown

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 1.45 seconds

please provide solution.

@dmiller-nmap

This comment has been minimized.

Copy link

commented May 17, 2019

Proxychains-ng hooks the connect() calls that Nmap is making and makes connections through a proxy instead. For some reason, it is causing all connect() calls to succeed, which Nmap interprets as an open port. This is most likely the behavior of your proxy, but it could be caused by Proxychains-ng itself. It is not a bug in Nmap, and Nmap has no control over this behavior.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.